You need to perform a health check on Symantec Protection Engine (SPE) to determine if it is online and able to accept scan requests.

SPE configured to use ICAP

To determine if Protection Engine is up and available to service scan requests, you should send it an ICAP OPTIONS request. This method is preferred over any type of ping health check.

An options request looks like the following (replace <placeholders> with the appropriate values for your environment):

OPTIONS icap://<ip address>:<port>/<ICAP Service> ICAP/1.0

For example, if you scan using the SYMCScanResp-AV service, the options request will look like the following:

OPTIONS icap://192.0.2.2:1344/SYMCScanResp-AV ICAP/1.0

If SPE is configured to use Secure ICAP, you need to establish a TLS connection before sending the OPTIONS request.

If SPE is online and able to accept requests, it will send an ICAP response with general ICAP and scanner information:

ICAP/1.0 200 OK
Date: Thu Dec 10 00:40:43 2020 GMT
Methods: RESPMOD, FILEMOD
Service: Symantec Protection Engine/8.2.0.35
Service-ID: SYMCSCANRESP-AV
ISTag: "EC1E563A269B69BBCBB1F4E7040874A8"
X-Definition-Info: 20201209.037
Max-Connections: 24
X-Allow-Out: X-Outer-Container-Is-Mime, X-Infection-Found, X-Definition-Info, X-AV-License
X-Allow-Out: X-Violations-Found
Allow: 204
Options-TTL: 3600
Preview: 4
Transfer-Preview: *
X-AV-License: 1
Encapsulated: null-body=0

To determine how to configure your connector or load balancer to send an OPTIONS request, please reach out to its vendor.